File ImageMagick-CVE-2019-13307.patch of Package ImageMagick.16891

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2019-13307.patch of Package ImageMagick.16891

Index: ImageMagick-6.8.8-1/magick/statistic.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/statistic.c	2019-07-19 12:33:39.323340844 +0200
+++ ImageMagick-6.8.8-1/magick/statistic.c	2019-07-19 12:33:57.739442088 +0200
@@ -144,13 +144,19 @@ static size_t MagickMax(const size_t x,c
 %
 */
 
-static MagickPixelPacket **DestroyPixelThreadSet(MagickPixelPacket **pixels)
+static MagickPixelPacket **DestroyPixelThreadSet(const Image *images,
+  MagickPixelPacket **pixels)
 {
   register ssize_t
     i;
 
+  size_t
+    rows;
+
   assert(pixels != (MagickPixelPacket **) NULL);
-  for (i=0; i < (ssize_t) GetMagickResourceLimit(ThreadResource); i++)
+  rows=MagickMax(GetImageListLength(images),
+    (size_t) GetMagickResourceLimit(ThreadResource));
+  for (i=0; i < (ssize_t) rows; i++)
     if (pixels[i] != (MagickPixelPacket *) NULL)
       pixels[i]=(MagickPixelPacket *) RelinquishMagickMemory(pixels[i]);
   pixels=(MagickPixelPacket **) RelinquishMagickMemory(pixels);
@@ -171,23 +177,23 @@ static MagickPixelPacket **AcquirePixelT
 
   size_t
     columns,
-    number_threads;
+    rows;
 
-  number_threads=(size_t) GetMagickResourceLimit(ThreadResource);
-  pixels=(MagickPixelPacket **) AcquireQuantumMemory(number_threads,
-    sizeof(*pixels));
+  rows=MagickMax(GetImageListLength(images),
+    (size_t) GetMagickResourceLimit(ThreadResource));
+  pixels=(MagickPixelPacket **) AcquireQuantumMemory(rows,sizeof(*pixels));
   if (pixels == (MagickPixelPacket **) NULL)
     return((MagickPixelPacket **) NULL);
-  (void) memset(pixels,0,number_threads*sizeof(*pixels));
-  columns=images->columns;
+  (void) memset(pixels,0,rows*sizeof(*pixels));
+  columns=GetImageListLength(images);
   for (next=images; next != (Image *) NULL; next=next->next)
     columns=MagickMax(next->columns,columns);
-  for (i=0; i < (ssize_t) number_threads; i++)
+  for (i=0; i < (ssize_t) rows; i++)
   {
     pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(columns,
       sizeof(**pixels));
     if (pixels[i] == (MagickPixelPacket *) NULL)
-      return(DestroyPixelThreadSet(pixels));
+      return(DestroyPixelThreadSet(images,pixels));
     for (j=0; j < (ssize_t) columns; j++)
       GetMagickPixelPacket(images,&pixels[i][j]);
   }
@@ -746,7 +752,7 @@ MagickExport Image *EvaluateImages(const
       }
     }
   evaluate_view=DestroyCacheView(evaluate_view);
-  evaluate_pixels=DestroyPixelThreadSet(evaluate_pixels);
+  evaluate_pixels=DestroyPixelThreadSet(images,evaluate_pixels);
   random_info=DestroyRandomInfoThreadSet(random_info);
   if (status == MagickFalse)
     image=DestroyImage(image);
@@ -2113,7 +2119,7 @@ MagickExport Image *PolynomialImageChann
       }
   }
   polynomial_view=DestroyCacheView(polynomial_view);
-  polynomial_pixels=DestroyPixelThreadSet(polynomial_pixels);
+  polynomial_pixels=DestroyPixelThreadSet(images,polynomial_pixels);
   if (status == MagickFalse)
     image=DestroyImage(image);
   return(image);

Places

File ImageMagick-CVE-2019-13307.patch of Package ImageMagick.16891

Places